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(57) A justification/authentication personal certifi- 
cate system stores in a remote database (3) a counter- 
part of an identifier (11) and a digital watermark con- 
tained in the personal certificate (1 0). The personal cer- 
tificate includes the digital watermark embedded in an 
authentic image (12) such as a facial photograph, a ret- 
inal scan, or a fingerprint. When the personal certificate 
is used, the authentic image is read from the personal 
certificate, and the digital watermark information is ex- 
tracted. The digital watermark information and the iden- 
tifier are compared with the counterparts stored in the 
database. If the extracted digital watermark information 
is identical to the information in the database, then the 
personal certificale is judged lo be unjusliriable. In one 
embodiment, at least one of the identifier and digital wa- 
termark are changed each time the system justifies the 
personal certificate. 
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Description 

[0001 ] This invention relates to a justification authen- 
ticating system, a personal certificate issuing system, 
and a personal certificate used in these systems. The 
invention also concerns a method for issuing personal 
certificates and a method for authenticating personal 
certificates. 

[0002] In general, personal certificates that include 
authentic images (of a card type or a book type), such 
as a credit card, cash card, membership card, student 
identification card, employee ID card, passport, health 
insurance card, and license, have been widely used. In 
this specification, the "authentic image" signifies an im- 
age by which an individual is identified, such as a pho- 
tographic image of a face, an image of a fingerprint, or 
an image or a pupil or iris. 

[0003] Incidents frequently occur in which a person 
who is not the righlfui owner of a personal certificate 
substitutes an authentic image of the owner for another 
authentic image to impersonate the rightful owner. This 
is a social problem. 

[0004] As acountermeasure against such counterfeit- 
ing, a technique for embedding a digital watermark into 
a facia! photograph has been proposed (see Japanese 
Unexamined Patent Publication No. Hei-1 0-275203), 
the disclosure of which is herein included by reference. 
[0005] According to the digital watermark method, 
digital data is embedded into an authentic image as a 
watermark so as to be indistinguishable to the eye, while 
permitting normal viewing of the authentic image. 
[0006] Inthis technique, the justification of apersonal 
certificate is judged in such a way that a digital water- 
mark embedded in the personal certificate is accurately 
extracted by the aid of authentication equipment (for ex- 
ample, a card reader). 

[0007] In one method, when a personal certificate is 
formed, an identifier of the owner of the certificate may 
be "BBB", for example, information to be added may be 
"AAA", and the digital watermark of "ABABAB" is creat- 
ed and embedded. 

[0008] In this case, the digital watermark is read from 
an authentic image when authenticated. If the reading 
fails, the identification is judged to be unjustifiable. If the 
reading is successful, according to an opposite proce- 
dure to the procedure followed when embedded, the 
identifier "BBB" is extracted from the digital water mark 
"ABABAB", and the information "AAA" is extracted. A 
judgment is then made as to whether or not the infor- 
mation is correct. If the information is correct, it is judged 
to be justifiable, and, if not, it is judged to be unjustifiable. 
[0009] A disadvantage of the above technique is that, 
since the justification is determined only by the data 
stored on the card, falsification is easily perpetrated if 
the algorithm for embedding the digital watermark is 
leaked or revealed. For example, the illegality of an of- 
fender B will not be exposed if the offender, who stole 
the credit card of a person A, merely pastes a facial pho- 



tograph of the offender on it in which a digital watermark 
according to the known algorithm is embedded in it, and 
the offender B uses this altered credit card. Accordingly, 
the above technique cannot completely avoid security 

5 problems. 

[0010] Briefly stated, an aspect of the present inven- 
tion provides a justification/authentication personal cer- 
tificate system which stores in a remote database a 
counterpart of an identifier and a digital watermark con- 

10 tained in the personal certificate. The personal certifi- 
cate includes the digital watermark embedded in an au- 
thentic image such as a facial photograph, a retinal 
scan, or a fingerprint. When the personal certificate is 
used, the authentic image is read from the personal cer- 

is tificate, and the digital watermark information is extract- 
ed. The digital watermark information and the identifier 
are compared with the counterparts stored in the data- 
base. If the extracted digital watermark information is 
identical to the information in the database, then the per- 

20 sonal certificate is judged to be unjustifiable. In one em- 
bodiment, at least one of the identifier and digital water- 
mark are changed each time the system justifies the per- 
sonal certificate. 

[0011] According to an aspect of the invention, there 

25 is provided a justification authenticating system com- 
prising: a database for storing an identifier of a personal 
certificate and digital watermark information related to 
said identifier, a personal certificate containing said 
identifier, said personal certificate also containing a 

30 readable authentic image in which a digital watermark 
relative to said identifier is embedded, a read means for 
reading at least said authentic image from said personal 
certificate, a watermark information inquiring means for 
extracting digital watermark information corresponding 

35 to said identifier from said authentic image, and a wa- 
termark information comparing means for judging 
whether said digital watermark information extracted by 
said watermark information inquiring means from said 
personal certificate is identical to said watermark infor- 

40 mation stored in said database, if said watermark inquir- 
ing means finds identical watermark information in said 
watermark information from said authentic image and 
said database, said watermark inquiring means justifies 
said personal certificate, and if the watermark informa- 

^5 tion from the two sources are not identical, then the wa- 
termark inquiring means fails to justify said personal cer- 
tificate. 

[0012] According to another aspect of the invention, 
there is provided a personal certificate issuing system 

50 comprising: an identifier generating means for generat- 
ing an identifier unique to a personal certificate, a wa- 
termark information generating means for generating 
digital watermark information corresponding to said 
identifier, a database for storing said identifier of said 

55 personal certificate and said digital watermark informa- 
tion relative to said identifier in relation to each other, a 
watermark information registering means for storing 
said identifier generated by said identifier generating 
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means and said digital watermark information generat- 
ed by said watermark information generating means in 
said database, an image input means for inputting a raw 
authentic image, a watermark-embedded image form- 
ing means for forming a watermark-embedded authen- 
tic image in which said digital watermark is embedded 
on said authentic image input by said image input 
means, and a personal certificate that readably carries 
said authentic image generated by said watermark-em- 
bedded image forming means and said identifier gener- 
ated by said identifier generating means. 
[001 3] According to a further aspect of the invention, 
there is provided a personal certificate comprising: a 
unique identifier, an authentic image of an authorized 
user of said personal certificate, said authentic image 
being viewable by eye, said authentic image containing 
embedded therein digital watermark information corre- 
sponding to said identifier, and means for permitting 
communication of said identifier and said digital water- 
mark information to a database remote from said per- 
sonal certificate. 

[001 4] Preferably, digital watermark information em- 
bedded in an authentic image is stored not only on the 
authentic image of a personal certificate but also on a 
database, and therefore only justifiable use is permitted 
following a comparison of the digital watermark informa- 
tion stored in the database and the digital watermark in- 
formation extracted from the personal certificate. 
[0015] For example, since the database itself is not 
modified even if digital watermark information is embed- 
ded expertly in the facial photograph of a personal cer- 
tificate stolen by the offender B, the comparison with the 
database fails, and the illegality of the offender B is ex- 
posed, that is to say, compared with the case in which 
security depends only on the authentic image of the per- 
sonal certificate, security can be greatly improved. 
[0016] Preferably, the digital watermark stored in the 
information carrier can be read as digital data, and 
therefore the digital watermark information can be ac- 
curately compared. 

[0017] Preferably, the information carrier is a semi- 
conductor memory or a magnetic material, and there- 
fore data can be stored without greatly increasing the 
weight of the personal certificate. 
[0018] Preferably, the authentic image is printed on 
printed matter, and therefore the personal certificate Is 
thinner and lighter. 

[0019] Preferably, random values are included in the 
digital watermark information. Therefore, persons who 
attempt falsification or alteration cannot predict the ran- 
dom portion of the information. This increases the diffi- 
culty of falsification. 

[0020] Preferably, the digital watermark information 
embedded in the facial photograph information of the 
database and of the personal certificate is updated 
whenever necessary or desirable. Therefore, infallible 
measures can be taken against falsification. 
[0021] Preferably, the database is located at a dis- 



tance from the place where the personal certificate is 
used. The data is communicated through a communica- 
tion network. Thus, the digital watermark information 
does not leak out as long as access to the database is 
5 prevented. Therefore, the security of the system is im- 
proved. 

[0022] Various embodiments of the invention will now 
be more particularly described, by way of example, with 
reference to the accompanying drawings, in which: 

10 

Fig. 1 is a block diagram of a system according to 
a first embodiment of the present invention. 

Fig. 2 is a block diagram of a system according to 
'5 a second embodiment of the present invention. 

Fig. 3 is a flowchart showing an issuing process ac- 
cording to the first embodiment of the present in- 
vention. 

20 

Fig. 4 is a flowchart showing an authentication proc- 
ess of the present invention. 

Fig. 5 schematically shows the relationship among 
25 a personal certificate, an identifier, a digital water- 
mark, and a database of the same. 

[0023] Embodiments of the present invention are de- 
scribed hereinafter with reference to the accompanying 
30 drawings. First, prior to the description of each embod- 
iment, the relationship among an identifier, digital wa- 
termark information, and a database according to the 
present invention is roughly described with reference to 
Fig. 5. A case where the photographic image of a face 
is used as an authentic image is primarily described be- 
low. 

[0024] As shown in Fig. 5, a personal certificate 5 in- 
cludes an identifier 1 and an authentic image 4. There 
is a one-to-one relationship between the identifier 1 and 
digital watermark information 2 which are stored in a da- 
tabase 3. In this example, for purposes of description, 
and not as a limitation, the identifier 1 is "123", and the 
digital watermark information 2 is "hogehoge". 
[0025] Referring to Fig. 1 , a system according to the 
first embodiment of the present invention employs a per- 
sonal certificate 1 0 shown at the upper left of Fig. 1 . The 
personal certificate 1 0 is one that has been issued, and 
is used for authentication. A personal certificate 20 
shown at the upper right of Fig. 1 is being prepared for 
issue, but has not yet been completed for issue. 
[0026] The completed and issued personal certificate 
1 0 has a display part 1 2 in which a photograph of a face 
or the like is displayed, a memory 13 as an information 
carrier, and an identifier 11(in this embodiment, "123"). 
[0027] The personal certificate 10 further has an in- 
put-output port 14 to access the memory 13. If the ca- 
pacity is large enough to store an image, a magnetic 
material, such as a magnetic strip, may be used as an 
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information carrier instead of the memory 13. 
[0028] An authentic image in which digital watermark 
information is embedded, is stored in the memory 13. 
The authentic image can be displayed on the display 
part 12 if necessary. The display part 12 may be, for ex- 
ample, an LCD. 

[0029] Likewise, the personal certificate 20 being pre- 
pared for issue includes an identifier 21 (herein "234"), 
a display part 22, a memory 23, and an input-output port 
24. The personal certificate is constructed in this way. 
[0030] Next, a system of this embodiment is de- 
scribed. For convenience of explanation, this system is 
a combination of a justification authenticating system 
and a personal certificate issuing system. However, the 
authenticating system and the issuing system can be 
separately constructed. 

[0031] A reading means 30 is connected to the input- 
output port 14. The connection of the reading means 30 
may be a wired or wireless connection. The reading 
means 30 reads the authentic image that is stored in the 
memory 13 and in which digital watermark information 
is embedded. 

[0032] A write means 31 is connected to the input-out- 
put port 24. The connection of the write means 31 may 
be a wired or wireless connection. The write means 31 
writes into the memory 23 facial photograph information 
in which digital watermark information is embedded. 
[0033] An input means 32 accepts information input 
needed when a personal certificate is authenticated or 
issued. A digital camera 33 photographs the face of an 
owner, and outputs an authentic image (digital) of the 
face photographed. A control means 34 controls the 
above, and other elements, and judges the verification 
of the personal certificate. 

[0034] A watermark information extracting means 35 
extracts only the digital watermark information from the 
authentic image read by the reading means 30, and re- 
turns the digital watermark information to the control 
means 34. 

[0035] A watermark information comparing means 36 
compares the watermark information obtained from the 
database 3 with the watermark information extracted by 
the watermark information extracting means 35, and re- 
turns a judgment to the control means 34 on whether or 
not the two sources of watermark information are iden- 
tical. 

[0036] As described later, a watermark-embedded 
image forming means 37 embeds generated watermark 
information obtained from a server 42 side into the au- 
thentic image photographed by the digital camera 33, 
and forms an authentic image in which a digital water- 
mark is embedded. 

[0037] A watermark information registering means 38 
requests the server 42 to register an identifier and a dig- 
ital watermark corresponding to the identifier on the da- 
tabase 3. A watermark information inquiring means 39 
sends the identifier to the database 3 through the server 
42, and requests watermark information relative to the 



identifier. A communication means 40 communicates 
with the server 42 through a communication network 41 . 
[0038] The server 42 is connected to an identifier gen- 
erating means 43 and a watermark information gener- 

5 ating means 44. The identifier generating means 43 ac- 
cesses the database 3, and generates a unique identi- 
fier that has not yet been assigned. The watermark in- 
formation generating means 44 forms watermark infor- 
mation corresponding to the identifier. 

10 [0039] The watermark information is preferably deter- 
mined arbitrarily. Preferably, the watermark information 
is based on a random number generator (pseudo-ran- 
dom number generator). With watermark information 
generated according to random numbers, persons (of- 

15 fenders or their group) who attempt falsification, cannot 
predict the information in a new watermark based on 
knowledge of preceding watermarks. This provides an 
additional level of security for the system. Typically, the 
watermark information is recorded on the database 3 as 

20 text data, and is embedded into the authentic image as 
a digital watermark. 

[0040] Although the authentic image is obtained by 
photography using the digital camera 33 in the example 
of Fig. 1 , the authentic image may be input by any con- 

25 venient input device such as, for example, reading in 
printed matter with an image scanner or the like. If a 
fingerprint image or a pupil image, instead of a face im- 
age, is employed as the authentic image, an input 
means suitable for such an image is used, as a matter 

30 of course. 

[0041] The identifier generating means 43 and the 
watermark information generating means 44 may be 
disposed on the control means 34 side (i.e., the client 
side when seen from the server 42), instead of on the 

35 server 42 side. 

[0042] Next, a system according to a second embod- 
iment of the present invention is described with refer- 
ence to Fig. 2. In this system, a personal certificate does 
not include a memory as an information carrier. This em- 

40 bodiment differs from that of Fig. 1 in the following re- 
spect. 

[0043] Although an identifier 51 (herein "123") is dis- 
played on a personal certificate 50 for authentication, 
an information carrier is omitted. Accordingly, an input- 

45 output port is not required. Instead of a memory and in- 
put-output port, a printed facial photograph 52 is pasted 
on the personal certificate 50. The printed facial photo- 
graph 52 is input through an image scanner 70. 
[0044] Likewise, although an identifier 61 (herein 

so "234") is displayed on a personal certificate 60 for issue, 
a memory and an input-output port are also omitted. In- 
stead, a pasting area for a facial photograph 62 is avail- 
able for pasting therein. Digital watermark information 
is embedded in the facial photograph 62. The facial pho- 

55 tograph 62, together with the digital watermark informa- 
tion is printed on the personal certificate 60 by a printer 
71 . The resulting facial photograph 62 is pasted on the 
pasting area of the personal certificate 60. The remain- 
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ing aspects of the system are identical to the structure 
of Fig. 1. 

[0045] Next, the flow of a process for issuing the per- 
sonal certificate is described hereinafter with reference 
to Fig. 3. In the second embodiment, the technique of 
the reading/writing of the authentic image merely differs 
in the processing itself, and therefore the first embodi- 
ment is primarily described. 

[0046] First, the operator of this system or the owner 
of the personal certificate inputs necessary personal in- 
formation to the system using the input means 32 (step 
1). Thereafter, at step 2, the owner's face : corneal pat- 
tern, fingerprint, or other identifying pattern, is photo- 
graphed with the digital camera 33, scanner, or other 
device, to acquire an authentic image. 
[0047] At step 3, the control means 34 connects to the 
server 42 through the communication network 41 using 
the communication means 40. 

[0048] Thereafter, at step 4 : the control means 34 re- 
quests the server 42 to generate an identifier and wa- 
termark information corresponding to this identifier 
through the communication means 40. 
[0049] In response to this, the identifier generating 
moans 43 on the server 42 side accesses the database 
3, and generates a new identifier that has not yet been 
assigned. The watermark information generating 
means 44 generates watermark information corre- 
sponding to this new identifier. The identifier and the wa- 
termark information are transmitted to the control means 
34 (step 5). 

[0050] The control means 34 receives them, and re- 
quests the watermark information registering means 38 
to register the received identifier and watermark infor- 
mation on the database 3 (step 6). In response to this 
demand, the server 42 stores the information in the da- 
tabase 3. Thereafter notification is transmitted to the 
control means 34 that the registration has been com- 
pleted (step 7). 

[0051] Upon receiving this notification, the control 
means 34 releases the connection with the server 42 
(step 8), and gives the received watermark information 
and the authentic image obtained from the digital cam- 
era 33 to the watermark-embedded image forming 
means 37, and thereby a watermark-embedded image 
is formed (step 9). 

[0052] At step 10, the watermark-embedded image 
formed as described above is transmitted to the write 
means 31. The write means 31 writes this image into 
the memory 23 through the input-output port 24, and the 
authentic image is displayed on the display part 22 when 
necessary. This completes the issuing process. 
[0053] Next, the authentication process is described 
with reference to Fig. 4. The personal certificate 1 0 that 
has been issued is inserted into the read means 30. 
First, the read means 30 reads an identifier 11 (herein 
"123") from the personal certificate 10 (step 20). The 
identifier may be input by any convenient device such 
as, for example, with the input means 32. 



[0054] Thereafter, at step 21, the read means 30 
reads the authentic image that is stored in the memory 
13 and in which digital watermark information is surely 
embedded, through the input-output port 14. 
s [0055] Thereafter, at step 22, the control means 34 
transmits the obtained authentic image to the watermark 
information extracting means 35, and causes the ex- 
tracting means 35 to extract watermark information from 
the authentic image. If this extraction fails (step 23), the 
10 control means 34 judges that the personal certificate 1 0 
is unjustifiable (step 24), and terminates the processing. 
[0056] On the other hand, if the extraction of the wa- 
termark information succeeds, the control means 34 
connects to the server 42 through the communication 
is means 40 (step 25). 

[0057] The control means 34 transmits the identifier 
11 that has been read from the personal certificate to 
the watermark information inquiring means 39, and 
causes the inquiring means 39 to acquire the watermark 
20 information corresponding to the identifier 1 1 (step 26). 
[0058] When receiving this inquiry, the server 42 re- 
trieves the watermark information corresponding to the 
identifier in the database 3. If the watermark information 
is not found, the server 42 sends a message that the 
corresponding information is notfound. If the watermark 
information is found, the server 42 returns the found wa- 
termark information to the control means 34 (step 27). 
[0059] When the control means 34 receives the infor- 
mation from the server 42 : the control means 34 releas- 
es the connection (step 28). If the control means 34 re- 
ceives the message that the watermark information is 
not found (step 29), it is judged that the personal certif- 
icate 1 0 is unjustifiable (step 24), and the processing is 
terminated. 

[0060] On the other hand, when receiving the water- 
mark information, the control means 34 transmits the 
watermark information extracted by the watermark in- 
formation extracting means 35 and the watermark infor- 
mation received from the server 42 at this time to the 
watermark information comparing means 36 for a com- 
parison. If the watermark information from the two 
sources are found to be non-identical in the comparison 
made by the watermark information comparing means 
36, the control means 34 determines that the personal 
certificate 10 is unjustifiable (step 24), and terminates 
the processing. 

[0061] On the other hand, if the watermark informa- 
tion from the two sources are found to be identical in the 
comparison, the control means 34 determines that the 
personal certificate 10 is justifiable (step 31), and com- 
pletes the processing. 

[0062] Preferably when the watermark is judged to be 
justifiable, the same process as the main part of Fig. 3 
is carried out once again at step 32, and the watermark 
information corresponding to this identifier is updated 
(step 32). As a matter of course, the update means up- 
dates both the digital watermark embedded in the au- 
thentic image of the personal certificate 10 and the dig- 
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ital watermark in the database 3 (note that these digital 
watermarks are caused to be identical). If so, the digital 
watermark is updated whenever the authentication 
process succeeds. This adds an additional defense 
against falsification or forgery. 

[0063] As described above, in the present invention, 
the digital watermark embedded in the authentic image 
of the personal certificate does not depend only on proof 
by authentication equipment. Instead, it compares the 
digital watermark stored in the database remote from 
the personal certificate or the authentication equipment 
with the digital watermark with the digital watermark on 
the personal certificate. Therefore, a preventive system 
against falsification or against other unjustifiable use is 
constructed. 

[0064] Having described preferred embodiments of 
the invention with reference to the accompanying draw- 
ings, it is to be understood that the invention is not lim- 
ited to those precise embodiments, and that various 
changes and modifications may be effected therein by 
one skilled in the art without departing from the scope 
or spirit of the invention as defined in the appended 
claims. 



Claims 

1 . A justification authenticating system comprising: 

a database (3) for storing an identifier of a per- 
sonal certificate and digital watermark informa- 
tion related to said identifier; 
a personal certificate (1 0) containing said iden- 
tifier; 

said personal certificate also containing a read- 
able authentic image (1 2) in which a digital wa- 
termark relative to said identifier is embedded; 
a read means (30) for reading at least said au- 
thentic image from said personal certificate; 
a watermark information inquiring means (39) 
for extracting digital watermark information cor- 
responding to said identifierf rom said authentic 
image; and 

a watermark information comparing means 
(36) for judging whether said digital watermark 
information extracted by said watermark infor- 
mation inquiring means from said personal cer- 
tificate is identical to said watermark informa- 
tion stored in said database; 
if said watermark inquiring means finds identi- 
cal watermark information in said watermark in- 
formation from said authentic image and said 
database, said watermark inquiring means jus- 
tifies said personal certificate; and 
if the watermark information from the two sourc- 
es are not identical, then the watermark inquir- 
ing means fails to justify said personal certifi- 
cate. 



2. The justification authenticating system of claim 1 , 
wherein said personal certificate includes: 

an information carrier (1 3) for storing said au- 
5 thentic image; and 

said digital watermark is embedded in said au- 
thentic image stored in said information carrier. 

3. The justification authenticating system of claim 2, 
*0 wherein said information carrier is at least one of a 

semiconductor memory and a magnetic recording 
material. 

4. The justification authenticating system of claim 2, 
'5 wherein: 

said information carrier includes said authentic 
image being a printed authentic image (62) af- 
fixed to said personal certificate; and 
20 said read means reads said printed image. 

5. The justification authenticating system of claim 1, 
wherein at least one of said identifier and said digital 
watermark information includes an element that is 

25 randomly generated. 

6. The justification authenticating system of claims 1 , 
further comprising: 

30 means for updating said digital watermark in- 

formation (38) stored in said database and said 
digital watermark information embedded in said 
authentic image in said personal certificate 
each time said watermark information inquiring 

35 means judges said digital watermark informa- 

tion to be justifiable. 

7. The justification authenticating system of claim 1 , 
further comprising: 

40 

a communication device (40, 41) for communi- 
cating said watermark information between 
said watermark information inquiring means 
and said database. 

45 

8. A personal certificate issuing system comprising: 

an identifier generating means (43) for gener- 
ating an identifier unique to a personal certifi- 

50 cate; 

a watermark information generating means 
(44) for generating digital watermark informa- 
tion corresponding to said identifier; 
a database (3) for storing said identifier of said 

55 personal certificate and said digital watermark 

information relative to said identifier in relation 
to each other; 

a watermark information registering means 
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(38) for storing said identifier generated by said 
identifier generating means and said digital wa- 
termark information generated by said water- 
mark information generating means in said da- 
tabase; 5 
an image input means (32, 33) for inputting a 
raw authentic image; 

a watermark-embedded image forming means 
(37) for forming a watermark-embedded au- 
thentic image in which said digital watermark is 10 
embedded on said authentic image input by 
said image input means; and 
a personal certificate (1 0) that readably carries 
said authentic image generated by said water- 
mark-embedded image forming means and is 
said identifier generated by said identifier gen- 
erating means. 

9. The personal certificate issuing system of claim 8, 
wherein: 20 



further comprising: 

a communication device for communicating 
said watermark information between said wa- 
termark information inquiring means and said 
database. 

16. A personal certificate (10) comprising: 
a unique identifier (11); 

an authentic image (12) of an authorized user 
of said personal certificate; 
said authentic image being viewable by eye; 
said authentic image containing embedded 
therein digital watermark information corre- 
sponding to said identifier; and 
means for permitting communication (40, 41 ) of 
said identifier and said digital watermark infor- 
mation to a database (3) remote from said per- 
sonal certificate. 



said personal certificate includes an informa- 
tion carrier (13) for storing said authentic im- 
age; and 

said authentic image includes a digital water- 
mark embedded in said authentic image stored 
in said information carrier. 

10. The personal certificate issuing system of claim 9, 
wherein said information carrier is at least one of a 
semiconductor memory and a magnetic material. 

11. The personal certificate issuing system of claim 9 
wherein: 

said information carrier includes said authentic 

image being a printed authentic image affixed 

to said personal certificate; and 

said read means reads said printed authentic 

image. 

12. The personal certificate issuing system of claim 8, 
wherein at least one of said identifier and said digital 
watermark information includes an element that is 
randomly generated. 

13. The personal certificate issuing system of claim 8, 
wherein said digital watermark information stored in 
said database and embedded in said authentic im- 
age of said personal certificate are updated at a pre- 
determined time. 

1 4. The personal certificate issuing system of claim 1 3, 
wherein said predetermined time includes each 
time said system correctly justifies an authentic im- 
age. 

15. The personal certificate issuing system of claim 8, 



17. A method for issuing a personal authentication cer- 
tificate; the said method comprising the steps of: 

generating an identifier (11) unique to a person- 
al certificate (10); 

generating data relating to a digital watermark 
for the said identifier; 

storing data relating to the said identifier, digital 
watermark and personal certification in relation 
to each other; 

inputting an image to be associated with the 
said personal certification; 
processing the said image with the said water- 
mark data to form a watermark-embedded au- 
thentication image (12) for the said personal 
certificate. 

18. A method for authenticating a personal authentica- 
tion certificate; the said method comprising the 
steps of: 

reading at least an authentication image (12) 
from a personal authentication certificate (3): 
processing the said authentication image (35) 
to extract data relating to watermark embedded 
in the said image; 

comparing the said extracted embedded water- 
mark data with watermark data stored in a data 
storage means (11) in relation to an identifier 
(11) for the said personal authentication certif- 
icate; 

determining whether the said extracted embed- 
ded watermark data corresponds with the said 
stored watermark data (36), whereby to au- 
thenticate the personal authentication certifi- 
cate. 
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1 9. A method according to Claim 1 8 further comprising 
the step of receiving the said stored data from a da- 
tabase connected to a remote personal certificate 
reading means via a communication network. 
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